diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2022-02-20 21:09:29 -0300 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-02-22 16:37:23 +0100 |
| commit | 30b0351039850d01c382b745a1f40b81b4be2a93 (patch) | |
| tree | 049f76a7ab0383d0ed828c069f079dada532497f /package/libs/openssl/engine.mk | |
| parent | 17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36 (diff) | |
| download | upstream-30b0351039850d01c382b745a1f40b81b4be2a93.tar.gz upstream-30b0351039850d01c382b745a1f40b81b4be2a93.tar.bz2 upstream-30b0351039850d01c382b745a1f40b81b4be2a93.zip | |
openssl: configure engine packages during install
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.
The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/engine.mk')
| -rw-r--r-- | package/libs/openssl/engine.mk | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/package/libs/openssl/engine.mk b/package/libs/openssl/engine.mk new file mode 100644 index 0000000000..482b5ad5e8 --- /dev/null +++ b/package/libs/openssl/engine.mk @@ -0,0 +1,82 @@ +ENGINES_DIR=engines-1.1 + +define Package/openssl/engine/Default + SECTION:=libs + CATEGORY:=Libraries + SUBMENU:=SSL + DEPENDS:=libopenssl @OPENSSL_ENGINE +libopenssl-conf +endef + +# 1 = engine name +# 2 - package name, defaults to libopenssl-$(1) +define Package/openssl/add-engine + OSSL_ENG_PKG:=$(if $(2),$(2),libopenssl-$(1)) + Package/$$(OSSL_ENG_PKG)/conffiles:=/etc/ssl/engines.cnf.d/$(1).cnf + + define Package/$$(OSSL_ENG_PKG)/install + $$(INSTALL_DIR) $$(1)/usr/lib/$(ENGINES_DIR) + $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/$(1).so \ + $$(1)/usr/lib/$(ENGINES_DIR) + $$(INSTALL_DIR) $$(1)/etc/ssl/engines.cnf.d + $$(INSTALL_DATA) ./files/$(1).cnf $$(1)/etc/ssl/engines.cnf.d/ + endef + + define Package/$$(OSSL_ENG_PKG)/postinst := +#!/bin/sh +# $$$$1 == non-empty: suggest reinstall +error_out() { + [ "$1" ] && cat <<- EOF + Reinstalling the libopenssl-conf package may fix this: + + opkg install --force-reinstall libopenssl-conf + EOF + cat <<- EOF + + Then, you will have to reinstall this package, and any other engine package you have + you have previously installed to ensure they are enabled: + + opkg install --force-reinstall $$(OSSL_ENG_PKG) [OTHER_ENGINE_PKG]... + + EOF + exit 1 +} +ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf" +OPENSSL_CNF="$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf" +if [ ! -f "$$$${OPENSSL_CNF}" ]; then + echo -e "ERROR: File $$$${OPENSSL_CNF} not found." + error_out reinstall +fi +if ! grep -q "^.include /etc/ssl/engines.cnf.d" "$$$${OPENSSL_CNF}"; then + cat <<- EOF + Your /etc/ssl/openssl.cnf file is not loading engine configuration files from + /etc/ssl/engines.cnf.d. You should consider start with a fresh, updated OpenSSL config by + running: + + opkg install --force-reinstall --force-maintainer libopenssl-conf + + The above command will overwrite any changes you may have made to both /etc/ssl/openssl.cnf + and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first! + EOF + error_out +fi +if [ ! -f "$$$${ENGINES_CNF}" ]; then + echo "Can't configure $$(OSSL_ENG_PKG): File $$$${ENGINES_CNF} not found." + error_out reinstall +fi +if grep -q "$(1)=$(1)" "$$$${ENGINES_CNF}"; then + echo "$$(OSSL_ENG_PKG): $(1) engine was already configured. Nothing to be done." +else + echo "$(1)=$(1)" >> "$$$${ENGINES_CNF}" + echo "$$(OSSL_ENG_PKG): $(1) engine enabled. All done!" +fi + endef + + define Package/$$(OSSL_ENG_PKG)/prerm := +#!/bin/sh +ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf" +[ -f "$$$${ENGINES_CNF}" ] || exit 0 +sed -e '/$(1)=$(1)/d' -i "$$$${ENGINES_CNF}" + endef +endef + + |